Having problems with Spyware Quake, can't cope with the other instructions!
Thread is closed!
#0
09.07.2006, 19:47
Honorary member
Posts: 29434

10.07.2006, 13:54
Member
Thread starter
Posts: 15
#17
Spyware Scan Details
Start Date: 10.07.2006 12:32:07
End Date: 10.07.2006 13:11:53
Total Time: 39 mins 46 secs

Detected spyware

DesktopScam Trojan Downloader
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Deleted
Infected files detected
  c:\dokumente und einstellungen\all users\startmenü\security troubleshooting.url
  c:\dokumente und einstellungen\all users\startmenü\online security guide.url
Infected registry entries detected
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{5f4c3d09-b3b9-4f88-aa82-31332fee1c08}
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{5f4c3d09-b3b9-4f88-aa82-31332fee1c08}

Backdoor.Rbot.steam Backdoor
Status: Deleted
Infected files detected
  D:\Programme\Spiele\Counter-Strike 1.6\CS 1.6\platform\steam_dev.exe

CoolWebSearch.StartPage Hijacker
Details: CoolWebSearch StartPage hijacks Internet Explorers start page not allowing the user to change this URL.
Status: Deleted
Infected registry entries detected
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Page_bak

CoolWebSearch.WinRes Adware (General)
Status: Deleted
Infected registry entries detected
  HKEY_CLASSES_ROOT\clsid\{2D38A51A-23C9-48a1-A33C-48675AA2B494}
  HKEY_CLASSES_ROOT\clsid\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\InprocServer32 C:\WINDOWS\winres.dll
  HKEY_CLASSES_ROOT\clsid\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\InprocServer32 ThreadingModel Apartment
  HKEY_CLASSES_ROOT\clsid\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\ProgID WinRes.WindowsResources.1
  HKEY_CLASSES_ROOT\clsid\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\TypeLib {344EE577-2027-4714-82FF-0D7538488547}
  HKEY_CLASSES_ROOT\clsid\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\VersionIndependentProgID WinRes.WindowsResources
  HKEY_CLASSES_ROOT\clsid\{2D38A51A-23C9-48a1-A33C-48675AA2B494} WindowsResources

CoolWebSearch Hijacker
Details: CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to CoolWebSearch.com and other sites affiliated with its operators.
Status: Deleted
Infected registry entries detected
  HKEY_CLASSES_ROOT\clsid\{2D38A51A-23C9-48a1-A33C-48675AA2B494}
  HKEY_CLASSES_ROOT\clsid\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\InprocServer32 C:\WINDOWS\winres.dll
  HKEY_CLASSES_ROOT\clsid\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\InprocServer32 ThreadingModel Apartment
  HKEY_CLASSES_ROOT\clsid\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\ProgID WinRes.WindowsResources.1
  HKEY_CLASSES_ROOT\clsid\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\TypeLib {344EE577-2027-4714-82FF-0D7538488547}
  HKEY_CLASSES_ROOT\clsid\{2D38A51A-23C9-48a1-A33C-48675AA2B494}\VersionIndependentProgID WinRes.WindowsResources
  HKEY_CLASSES_ROOT\clsid\{2D38A51A-23C9-48a1-A33C-48675AA2B494} WindowsResources
  HKEY_CLASSES_ROOT\TypeLib\{344EE577-2027-4714-82FF-0D7538488547}
  HKEY_CLASSES_ROOT\TypeLib\{344EE577-2027-4714-82FF-0D7538488547}\1.0\0\win32 C:\WINDOWS\winres.dll
  HKEY_CLASSES_ROOT\TypeLib\{344EE577-2027-4714-82FF-0D7538488547}\1.0\FLAGS 0
  HKEY_CLASSES_ROOT\TypeLib\{344EE577-2027-4714-82FF-0D7538488547}\1.0\HELPDIR C:\WINDOWS\
  HKEY_CLASSES_ROOT\TypeLib\{344EE577-2027-4714-82FF-0D7538488547}\1.0 WindowsResources 1.1 Type Library

Virtumonde Adware (General)
Details: Virtumonde is an adware program that displays pop-up advertisements on the desktop. Virtumonde also downloads other software from various remote servers.
Status: Deleted
Infected registry entries detected
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Trojan.WinlogonHook.Delf.A Trojan
Details: WinlogonHook.Delf.A is a backdoor trojan that gives an attacker the ability to control the infected machine without the user's knowledge.
Status: Deleted
Infected registry entries detected
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Data 120017313
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LSTV
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Brnd 779
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR MSLIST
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PID 2
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Rid 140
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LID 33
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SCLIST
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSLIST
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BSTV
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BPTV 1
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PSTV
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSTV
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR OCCUR 1

Caishow Toolbar
Status: Deleted
Infected files detected
  c:\programme\home cinema\mediashow\wavdest.ax
Infected registry entries detected
  HKEY_CLASSES_ROOT\CLSID\{3C78B8E2-6C4D-11D1-ADE2-0000F8754B99}
  HKEY_CLASSES_ROOT\CLSID\{3C78B8E2-6C4D-11D1-ADE2-0000F8754B99}\InprocServer32 C:\Programme\Home Cinema\MediaShow\wavdest.ax
  HKEY_CLASSES_ROOT\CLSID\{3C78B8E2-6C4D-11D1-ADE2-0000F8754B99}\InprocServer32 ThreadingModel Both
  HKEY_CLASSES_ROOT\CLSID\{3C78B8E2-6C4D-11D1-ADE2-0000F8754B99} WAV Dest

ATDMT.com Cookie (General)
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
  c:\dokumente und einstellungen\nils\cookies\nils@atdmt[1].txt

Weborama Cookie (General)
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
  c:\dokumente und einstellungen\nils\cookies\nils@weborama[2].txt
__________
I'm my own kind of conformist

10.07.2006, 16:32
Honorary member
Posts: 29434
#18
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start.
In "Enter search strings" (type or paste it in):
pmkhi.dll
into the edit field and click "Ok".
Notepad will open -- copy the text and post it, and do the same with:
hvcycg.dll
tuvttrp.dll
__________
Kind regards, Sabina
all about PC security

10.07.2006, 16:54
Member
Thread starter
Posts: 15
#19
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 10.07.2006 16:47:41 for strings:
; 'pmkhi.dll'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_USERS\S-1-5-21-446019527-2357198937-11714681-1010\Software\Neuber GbR\Security Task Manager\Cache]
"C:\\WINDOWS\\System32\\pmkhi.dll"="1440"

; End Of The Log...

=================================

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 10.07.2006 16:49:01 for strings:
; ' hvcycg.dll'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

; End Of The Log...

=================================

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 10.07.2006 16:50:54 for strings:
; 'tuvttrp.dll'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_USERS\S-1-5-21-446019527-2357198937-11714681-1010\Software\Neuber GbR\Security Task Manager\Cache]
"C:\\WINDOWS\\system32\\tuvttrp.dll"="1440"

; End Of The Log...
__________
I'm my own kind of conformist
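
Added example, not part of the thread and not the Registry Search tool's own code: a Python script that triages logs in the format posted in #19, separating hits under keys from which Windows loads code from hits that are only a stored string, and flagging search terms that carry stray whitespace. The LOAD_POINTS list and the verdict labels are assumptions chosen for illustration; the sample is constructed from two of the logs above, abridged.

```python
import re

# Constructed sample: two of the Registry Search logs from post #19,
# abridged and laid out one entry per line (one hit, one empty result).
SAMPLE = r"""REGEDIT4
; Results at 10.07.2006 16:47:41 for strings:
; 'pmkhi.dll'
; Strings excluded from search:
[HKEY_USERS\S-1-5-21-446019527-2357198937-11714681-1010\Software\Neuber GbR\Security Task Manager\Cache]
"C:\\WINDOWS\\System32\\pmkhi.dll"="1440"
; End Of The Log...
=================================
REGEDIT4
; Results at 10.07.2006 16:49:01 for strings:
; ' hvcycg.dll'
; Strings excluded from search:
; End Of The Log...
"""

# Assumption: a short, non-exhaustive list of registry locations from which
# Windows loads code; a hit under one of these is more than a leftover string.
LOAD_POINTS = (r"\currentversion\run", r"\winlogon\notify",
               r"\browser helper objects", r"\shellexecutehooks", r"\inprocserver32")

def triage(log_text):
    # One report per log: the search terms, a whitespace flag, classified hits.
    reports = []
    for block in re.split(r"^=+\s*$", log_text, flags=re.M):
        head = re.search(r"for strings:\n(.*?)^; Strings excluded", block, re.S | re.M)
        if not head:
            continue
        terms = re.findall(r"^; '(.*)'\s*$", head.group(1), re.M)
        hits, key = [], None
        for line in map(str.strip, block.splitlines()):
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]          # current registry key
            elif line.startswith('"') and key:
                loads = any(p in key.lower() for p in LOAD_POINTS)
                hits.append((key, line, "load point" if loads else "reference only"))
        reports.append({"terms": terms, "hits": hits,
                        "padded": any(t != t.strip() for t in terms)})
    return reports

def verdict(report):
    # An empty result for a padded term is not trusted until the search is repeated.
    kinds = {kind for _, _, kind in report["hits"]}
    if "load point" in kinds:
        return "investigate"
    return "reference only" if kinds else ("rerun search" if report["padded"] else "not found")
```
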

10.07.2006, 17:15
Honorary member
Posts: 29434
#20
Go into the registry
Start - Run - regedit
Enter the DLL in "Edit - Find" and delete it from the Security Task Manager cache
+ restart the PC
Then everything should be in perfect order again.
__________
Kind regards, Sabina
all about PC security

10.07.2006, 21:00
Member
Thread starter
Posts: 15
#21
Wow, THANK YOU!!
It didn't find the second .dll (hvcycg.dll), though. Hope that's not too bad now. And can I now uninstall all those programs again? Or should I leave any of them installed? In any case, THANK YOU VERY MUCH once again!
__________
I'm my own kind of conformist
http://virus-protect.org/counterspy.html
After the scan, set everything to "remove" and post the scan report.
__________
Kind regards, Sabina
all about PC security